CVE Vulnerabilities

CVE-2022-2989

Placement of User into Incorrect Group

Published: Sep 13, 2022 | Modified: Feb 12, 2023
CVSS 3.x
7.1
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
3.6 LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Ubuntu
MEDIUM

An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Weakness

The product or the administrator places a user into an incorrect group.

Affected Software

Name Vendor Start Version End Version
Podman Podman_project * *
Red Hat Enterprise Linux 8 RedHat container-tools:rhel8-8070020221026183352.489fc8e9 *
Red Hat Enterprise Linux 8 RedHat container-tools:4.0-8080020230217080101.8108cfbc *
Red Hat Enterprise Linux 9 RedHat buildah-1:1.27.0-2.el9 *
Red Hat Enterprise Linux 9 RedHat podman-2:4.2.0-7.el9_1 *
Libpod Ubuntu jammy *
Libpod Ubuntu kinetic *
Libpod Ubuntu lunar *
Libpod Ubuntu mantic *

References